Needed a part, available almost exclusively on Ebay. All the sellers accept only paypal. Must all be masochists or something. Wish I had stuck it out now, but today before I heard about this I used paypal for the first time in *years*. And the last time, ever.

Try the sguil console, and you'll be happier with handling alerts. It presents the data from full content pcaps, Snort alerts, and session data, together with a handy window to reverse DNS and whois. It will give you the signature that fired the alert, or, if no alert fired (say someone emailed abuse@yourdomain.tld with an IP and time range) you can look back in time and see what connections your host had open when. It will even help you decide which alerts are useful and which are useless, but you still have to tune the rules yourself. For handling that, I use oinkmaster. Sguil scales to billions of rows.
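
The abuse-report workflow the comment above describes (an IP and a time range come in, you find which sessions that host had open in the window, and then which rule, if any, fired on each) is easy to prototype outside sguil. The following is an added example, not sguil or Snort code: it parses alert lines in Snort's "fast" alert layout and correlates them with session records by 5-tuple and time overlap. The alert lines, the session CSV rows (start,end,proto,src,sport,dst,dport) and the year used to complete Snort's year-less timestamps are all constructed assumptions for the demo.

```python
"""Correlate Snort-style alerts with session records for an abuse-report window.

Added example in the spirit of the sguil workflow described in the comment;
it is not sguil's or Snort's own code. Assumed input formats:
- alert lines follow Snort's "fast" alert output (constructed samples below)
- session records are constructed CSV rows: start,end,proto,src,sport,dst,dport
"""
import csv
import io
import re
from datetime import datetime

YEAR = 2024  # Snort fast alerts carry no year; assumed for the constructed data

# Constructed sample alert lines in Snort fast-alert layout (not real events)
ALERTS = """\
01/12-14:03:22.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.0.5:4444 -> 192.0.2.10:51234
01/12-14:10:05.000001  [**] [1:1000001:1] LOCAL outbound SSH to unusual port [**] [Classification: Misc activity] [Priority: 3] {TCP} 10.0.0.7:53122 -> 198.51.100.20:2222
"""

# Constructed session records (think sancp/conn logs), one row per flow
SESSIONS = """\
start,end,proto,src,sport,dst,dport
2024-01-12 14:02:50,2024-01-12 14:05:10,tcp,10.0.0.5,4444,192.0.2.10,51234
2024-01-12 14:09:00,2024-01-12 14:20:00,tcp,10.0.0.7,53122,198.51.100.20,2222
2024-01-12 13:00:00,2024-01-12 13:01:00,udp,10.0.0.7,5353,224.0.0.251,5353
"""

FAST_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_fast_alert(line):
    """Parse one Snort fast-alert line into a dict; None if it does not match."""
    m = FAST_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["ts"] = datetime.strptime(f"{YEAR}/{d['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
    return d


def load_sessions(text):
    """Read the constructed session CSV, converting timestamps to datetimes."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        r["start"] = datetime.fromisoformat(r["start"])
        r["end"] = datetime.fromisoformat(r["end"])
        rows.append(r)
    return rows


def sessions_open_at(sessions, host, window_start, window_end):
    """Flows involving `host` that overlapped [window_start, window_end]."""
    return [s for s in sessions
            if host in (s["src"], s["dst"])
            and s["start"] <= window_end and s["end"] >= window_start]


def alerts_for_session(alerts, session):
    """Alerts whose 5-tuple and time fall inside the session (the 'which rule fired' view)."""
    return [a for a in alerts
            if (a["src"], a["sport"], a["dst"], a["dport"]) ==
               (session["src"], session["sport"], session["dst"], session["dport"])
            and session["start"] <= a["ts"] <= session["end"]]


def triage(abuse_ip, window_start, window_end):
    """Abuse-report workflow: given an IP and a time range, return every
    overlapping session paired with the alert messages (possibly none) that fired on it."""
    alerts = [a for a in map(parse_fast_alert, ALERTS.splitlines()) if a]
    sessions = load_sessions(SESSIONS)
    return [(s, [a["msg"] for a in alerts_for_session(alerts, s)])
            for s in sessions_open_at(sessions, abuse_ip, window_start, window_end)]


if __name__ == "__main__":
    window = (datetime(2024, 1, 12, 14, 0), datetime(2024, 1, 12, 14, 30))
    for s, msgs in triage("10.0.0.7", *window):
        print(s["src"], "->", s["dst"], s["dport"], "alerts:", msgs or "none")
```

The session-level view is the part that matters when no rule fired: a session with an empty alert list is still a connection the host had open in the reported window, which is exactly what the reverse lookup from an abuse report needs to surface.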

Some folks have worked on integrating bro (or was it prelude?), which is another interesting alerting engine. It might be possible to integrate with this project.

If it vindicates the guy's account, it'll get "lost" or be shielded in the name of national security for revealing camera positions. The assaulting BP will get cover from his agency. OTOH there will magically be no security issue if it even approaches a vindication for the cops.

I went through a bullshit audit back in the day, when a disgruntled employee tried to inform on the college where we worked. He was largely responsible for the mess; I was largely responsible for cleaning it up in spite of political pressure from the top to keep things working as they always did. A couple of months after the cleanup, they notified us we were being audited. We had the ability to run our own audit and, when they were not helpful in narrowing the search, supplied a multi-thousand-page report in 8-pt type giving every executable on every machine.

Months later they found one classroom still had software on it that was not being used in that room (class was moved to another building). They asked for something like $30K in fines. We told them we were poster children for compliance, could prove that the software was not used, and told them to fuck off. They did.

Bastards went on a fishing expedition elsewhere, hitting non-profits and other underfunded .edu's where they figured the IT depts would cave rather than fight because they lacked the resources to control their environments.